Security Firms Help Shut Down Mariposa Botnet
The cybercriminals behind the Mariposa botnet, which attacked 13 million computers worldwide, stealing sensitive personal data such as social networking logins and credit card details, have been arrested, say Panda Security and Defence Intelligence.
According to the security vendors, the botnet, which takes its moniker from the Spanish word for butterfly, was shut down in December last year, while the main operators 'Netkairo' and 'hamlet1917', along with 'Ostiator' and 'Johnyloleante', were arrested this month.
According to Christopher Davis, CEO for Defence Intelligence, who first discovered Mariposa, the botnet was one of the largest in the world and not only targeted consumers but also multi-national companies and government agencies.
Pedro Bustamante, senior research advisor at Panda Security, said: "Our preliminary analysis indicates that the botmasters did not have advanced hacking skills".
"This is very alarming because it proves how sophisticated and effective malware distribution software has become, empowering relatively unskilled cyber criminals to inflict major damage and financial loss."
Mariposa spread after hackers exploited a vulnerability in Microsoft's web browser Internet Explorer. It was also spread by USB sticks and malicious links sent using Microsoft's MSN instant messenger.
Microsoft has not yet commented on the matter.
Panda Security said it was analysing the malware that led to PCs being recruited into the botnet, as well as letting other antivirus firms know, to ensure their signatures are updated.
"We will continue to fight the threat of botnets and the criminals behind them," says Davis.
"We'll start by dismantling their infrastructure and won't stop until they're standing in front of a judge."
Mel Morris, CEO of security firm Prevx, said that while the case is good news, it really is a drop in the ocean compared to the sheer number of criminals out there constantly launching a variety of attacks.
"What this case does highlight is that despite having the most up-to-date anti-virus software installed, these threats can still be missed," said Morris.
"Additionally, even when a perpetrator is found, bringing a case against them can eat up huge resources on the part of businesses and the justice system. Hence for criminals, the benefits of cybercrime significantly outweigh the risks so they will stop at nothing to find chinks in the armour of PC security."
Morris said that a lack of centralised intelligence about new threats means criminals can evade detection quite easily.
"We need to acknowledge the role centralised intelligence is playing in malware development and build defences around counter-intelligence. If we fail to act now, criminals will continue to reap the rewards while the industry merely bites at their heels."